Key corruption: duplicate signatures and usage flags

Justus Winter justus at g10code.com
Thu Jun 22 17:00:03 CEST 2017


martin f krafft <madduck at madduck.net> writes:

> [ Unknown signature status ]
> Hey Justus, thanks for writing in. Here are the answers you wanted:
>
>> gpg --version please?
>
> 2.1.18
>
>> > So far, so good. Do note the [SC] usage flags.
>> 
>> What are the capabilities of your primary key supposed to be?
>
> There were [SC] when I created it, but I've recently changed to
> a signing subkey and removed the flag from the primary key.

Interesting.  Thanks for clarifying.

>> >   key 55C9882D999BBCC4:
>> >   24 duplicate signatures removed
>> >
>> > That's a bit weird. Where do these come from?
>> 
>> Not sure, but anyone can append stuff to your key on the keyservers.
>> Maybe some faulty software reordered the packages and uploaded it?
>
> Yeah could be. And while there's no way this can be fixed, it also
> doesn't really harm, does it?

No, it does (should) not harm.  Future versions of GnuPG will check and
clean keys automatically when (re-)fetching them from keyservers.

Justus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: </pipermail/attachments/20170622/0db111b8/attachment.sig>


More information about the Gnupg-users mailing list